Application No. 10 020,470
Amendment "C" dated September 30, 2008
Reply to Office Action mailed April 4, 2004

AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1. (Currently Amended) In a system including a service that is accessed by a user
from one or more devices with varying input capabilities, a method for associating multiple 
credentials with a single user account such that the user may be authenticated with any one of the 
multiple credentials, the method comprising an authentication system performing acts of: 

receiving an authentication request at the authentication system from a device, 
wherein the authentication request includes credentials of the user, the credentials being 
selected by the user from among a plurality of credentials valid at the authentication 
system and associated with the user, the credential being chosen by the user based at least 
partially on the user's device; 

validating the credentials provided by the user, wherein the credentials are 
associated with a single unique user identifier of the user, a user account, and a user 
profile; 

receiving new credentials from the user, wherein the new credentials are associated 
with the same unique user identifier of the user, user account, and user profile; 

storing the new credentials in [[the credential]] a credential store of the authentication
system such that the authentication system can authenticate the user to the service when 
the user provides any one of the multiple credentials associated with the user account; and 

providing, in response to the request, the unique user identifier and the user profile 
to the device. 

2. (Currently Amended) [[A]] The method as defined in claim 1, wherein the
authentication system is a distributed authentication system, wherein the act of receiving an 
authentication request at the authentication system further comprises an act of determining where 
to send the credentials for validation. 

3. (Currently Amended) [[A]] The method as defined in claim 2, wherein the act of 
determining where to send the credentials for validation uses a username of the credentials. 

4. (Currently Amended) [[A]] The method as defined in claim 1, wherein the act of
receiving new credentials from the user further comprises an act of symmetrically associating the 
new credentials with a unique user identifier. 

5. (Currently Amended) [[A]] The method as defined in claim 4, wherein the act of 
symmetrically associating the new credential with a unique user identifier further comprises an 
act of associating the new credentials with a user account. 

6. (Currently Amended) [[A]] The method as defined in claim 4, wherein the act of 
symmetrically associating the new credential with a unique user identifier further comprises an 
act of caching a copy of the unique user identifier with the new credential. 

7. (Currently Amended) [[A]] The method as defined in claim 1, wherein the act of
receiving new credentials from the user further comprises an act of asymmetrically associating 
the new credentials with a primary credential, wherein the primary credential is stored in a 
primary store with the unique user identifier. 

8. (Currently Amended) [[A]] The method as defined in claim 1, further comprising one or
more of: 

a step for remembering which credential was received in the authentication request; 

a step for prompting the user for a more secure credential when the credentials received in 
the authentication request do not meet security requirements of the service, such that the user
selects a new credential from among the plurality of credentials valid at the authentication 
system; and 

a step for providing at least one security measure for each credential associated with the 
user account, wherein the user is not authenticated to a service if the security measure of a 
particular credential is breached or the user account is locked. 




9. (Currently Amended) In a system that includes multiple services that are accessed 
by a user over a network such as the Internet, wherein the user accesses the multiple services 
from one or more devices that have varying input capabilities, a method for accessing a service 
from a device, the method comprising acts of: 

providing multiple credentials to an authentication system, wherein each of the 
multiple credentials is associated with a user account, a unique user identifier and a user 
profile that is maintained by the authentication system; 

requesting access to a service using a device included in the one or more devices, 
wherein the service requires that the user be authenticated before access to the service is 
granted to the user, wherein the device is redirected to the authentication system; 

the user selecting an access credential from among the multiple credentials 
provided by the user to the authentication system, the selection based on at least partially 
on the user's device to send to the authentication system from [[the multiple credentials]]
and entering the access credential selected by the user in the device; 

issuing an authentication request to an authentication system, wherein the 
authentication request includes the access credential selected by the user; 

receiving an authentication response from the authentication system, wherein the 
authentication response includes the unique user identifier that authenticates the user to 
the service if the access credential selected by the user is validated, the response also 
including the user profile; and 

sending an authenticated request to the service, wherein the authenticated request 
includes the unique user identifier and user profile such that access to the service is 
obtained. 

10. (Currently Amended) [[A]] The method as defined in claim 9, wherein the act of 
selecting an access credential to send to an authentication system from among the multiple 
credentials provided to the authentication system from [[multiple credentials]] further comprises an
act of selecting the access credential according to an input capability of the device. 

11. (Currently Amended) [[A]] The method as defined in claim 10, wherein the access
credential is a numerical credential when the device has numerical input. 

12. (Currently Amended) [[A]] The method as defined in claim 9, the method further
comprising: 

an act of requiring the user to provide a secure credential to the authentication 
system that is more secure than the access credential, such that the user selects a new
credential from among the plurality of credentials valid at the authentication system; and 

an act of providing the service with a level of security of the secure credential and 
of the access credential, wherein the service is unaware of both the selected credential and 
the secure credential. 

13. (Currently Amended) [[A]] The method as defined in claim 9, wherein the 
authentication system is a distributed system and wherein some of the multiple credentials are 
stored on different credential stores, wherein the act of providing multiple credentials to an 
authentication service further comprises one or more of: 

a step for symmetrically associating the multiple credentials with the unique user 
identifier, wherein the use identifier is cached with each of the multiple credentials; 

a step for symmetrically associating the multiple credentials with a user account, 
wherein a user account is cached with each of the multiple credentials and 

an step for associating a security measure with each of the multiple credentials, 
wherein the user is not authenticated to a service if the security measure of a particular credential 
is breached or the user account is locked. 

14. (Currently Amended) [[A]] The method as defined in claim 9, wherein the 
authentication system is a distributed system and wherein some of the multiple credentials are 
stored on different credential stores, wherein the act of providing multiple credentials to an 
authentication service further comprises an act of asymmetrically associating the multiple 
credentials with a primary credential, wherein the unique user identifier is stored with the 
primary credential. 

15-21. (Cancelled) 

22. (Currently Amended) [[A]] The method as recited in claim 1, wherein the new
credential has an associated security level and wherein the method further comprises: 

associating the new credential with the user account such that the user can be 
authenticated with both the original credential and the new credential, 

prior to providing the response, and subsequent to receiving the authorization 
request, prompting the user for a secure credential that is more secure than the original 
credential if the security level of the original credential is insufficient for a service being 
accessed by the user, wherein the service is provided with the security level of both the 
original credential and the secure credential, but is not aware of either the original 
credential or the secure credential. 

23. (Currently Amended) [[A]] The method as defined in claim 22, wherein the step 
for associating the new credential with the user account further comprises a step for 
symmetrically associating the original credential and the new credential with the user account, 
wherein the user account is cached with each of the original credential and the new credential. 

24. (Currently Amended) [[A]] The method as defined in claim 23, wherein the step
for associating the new credential with the user account further comprises a step for 
asymmetrically associating the new credential with a primary credential, wherein the primary 
credential is associated with the user account and wherein the primary credential is cached with 
each new credential. 

25. (Currently Amended) [[A]] The method as defined in claim 22, further comprising
a step for automatically authenticating the user at different services after the user has been 
authenticated at a first service. 

26. (Currently Amended) [[A]] The method as defined in claim 22, wherein the
original credential is a numerical credential when the device has a preferred numerical input. 

27. (Currently Amended) In a system including a service that is accessed by a user
from one or more devices with varying input capabilities, a computer program product for 
implementing a method for associating multiple credentials with a user account such that the user 
may be authenticated with anyone of the multiple credentials, the computer program product 
comprising: 

a computer readable storage medium storing computer readable instructions for 
performing [[the method of claim 1.]] a method comprising:

receiving an authentication request at the authentication system from a 
device, wherein the authentication request includes credentials of the user, the 
credentials being selected by the user from among a plurality of credentials valid at 
the authentication system, the credential being chosen by the user based at least 
partially on the user's device; 

validating the credentials provided by the user, wherein the credentials are 
associated with a single unique user identifier of the user, a user account, and a 
user profile, wherein the type of credentials provided by the user are at least 
partially validated as being of a type associated with the device type such that only 
credentials of a type associated with the device type are allowed; 

receiving new credentials from the user, wherein the new credentials are 
associated with the same unique user identifier of the user, user account, and user 
profile and wherein the new credentials are at least partially validated as being of a 
type associated with the device type such that only credentials of a type associated 
with the device type are allowed; 

storing the new credentials in a credential store of the authentication 
system such that the authentication system can authenticate the user to the service 
when the user provides any one of the multiple credentials associated with the user 
account; and 

providing, in response to the request, the unique user identifier and the user 
profile to the device, the unique user identifier wherein the same unique user 
identifier is provided to the user regardless of the credentials received from the 
user and the users device. 

28. (Currently Amended) [[A]] The computer readable storage medium of [[computer
program product as defined in]] claim 27, wherein the authentication system is a distributed
authentication system, wherein the act of receiving an authentication request at the authentication 
system further comprises an act of determining where to send the credentials for validation. 

29. (Currently Amended) [[A]] The computer readable storage medium of [[computer
program product as defined in]] claim 28, wherein the act of determining where to send the
credentials for validation uses a username of the credentials. 

30. (Currently Amended) [[A]] The computer readable storage medium of [[computer
program product as defined in]] claim 27, wherein the act of receiving new credentials from the
user further comprises an act of symmetrically associating the new credentials with the unique 
user identifier. 

31. (Currently Amended) [[A]] The computer readable storage medium of [[computer
program product as defined in]] claim 30, wherein the act of symmetrically associating the new
credential with the unique user identifier further comprises an act of associating the new 
credentials with a user account. 

32. (Currently Amended) [[A]] The computer readable storage medium of [[computer
program product as defined in]] claim 30, wherein the act of symmetrically associating the new
credential with the unique user identifier further comprises an act of caching a copy of the 
unique user identifier with the new credential. 

33. (Currently Amended) [[A]] The computer readable storage medium of [[computer
program product as defined in]] claim 27, wherein the act of receiving new credentials from the
user further comprises an act of asymmetrically associating the new credentials with a primary 
credential, wherein the primary credential is stored in a primary store with the unique user 
identifier. 

34. (Currently Amended) [[A]] The computer readable storage medium of [[computer
program product as defined in]] claim 27, wherein the computer readable instructions further
comprise instructions for performing the acts of [[further comprising acts of]]:

remembering which credential was received in the authentication request; and 
prompting the user for a more secure credential when the credentials received in 
the authentication request are not sufficient for the service. 




35. (Currently Amended) In a system that includes multiple services that are accessed 
by a user over a network such as the Internet, wherein the user accesses the multiple services 
from one or more devices that have varying input capabilities, a computer program product for 
implementing a method for accessing a service from a device, the computer program product 
comprising: 

a computer readable medium having computer executable instructions for 
performing the method of claim 9. 

36. (Currently Amended) [[A]] The computer readable storage medium of [[computer
program product as defined in]] claim 35, wherein the act of selecting an access credential to send
to an authentication system from multiple credentials further comprises an act of selecting the 
access credential according to an input capability of the device. 

37. (Currently Amended) [[A]] The computer readable storage medium of [[computer
program product as defined in]] claim 36, wherein the access credential is a numerical credential
when the device has numerical input. 

38. (Currently Amended) [[A]] The computer readable storage medium of [[computer
program product as defined in]] claim 35, wherein the service requires a level of security, the
method further comprising an act of providing a secure credential to the authentication system, 
wherein the secure credential is more secure than the access credential and wherein service is 
unaware of both the selected credential and the secure credential. 

39. (Currently Amended) [[A]] The computer readable storage medium of computer



and wherein some of the multiple credentials are stored on different credential stores, wherein the 
act of providing multiple credentials to an authentication service further comprises one or more 
of: 

an act of symmetrically associating the multiple credentials with the unique user 
identifier, wherein the unique user identifier is cached with each of the multiple 
credentials; and 

an act of symmetrically associating the multiple credentials with a user account, 
wherein a user account is cached with each of the multiple credentials. 

40. (Currently Amended) [[A]] The computer readable storage medium of [[computer
program product as defined in]] claim 35, wherein the authentication system is a distributed
system and wherein some of the multiple credentials are stored on different credential stores, 
wherein the act of providing multiple credentials to an authentication service further comprises 
an act of asymmetrically associating the multiple credentials with a primary credential, wherein 
the unique user identifier is stored with the primary credential. 

41. (Currently Amended) [[A]] The method as defined in claim 1, wherein the same
unique user identifier is provided to the user regardless of the credentials received from the user. 

42. (Currently Amended) [[A]] The method as defined in claim 1, wherein different
credentials are required from each of the one or more devices. 

43. (Currently Amended) [[A]] The method as defined in claim 1, wherein providing 
the unique user identifier and the user profile to the device comprises sending a cookie 
containing the unique user identifier and the user profile to the device. 

44. (Currently Amended) [[A]] The method as defined in claim 1, wherein the user 
profile includes data about the user comprising name, personal information, preferred language, 
preferences, and location. 

45. (Previously Presented) The method as defined in claim 1, wherein the act of
validating the credentials provided by the user further comprises an act of the authentication 
system comparing the credentials selected by the user against the credentials stored in the 
credential store to determine validity. 